Results 1 to 2 of 2

Thread: Best Web-Based Vulnerability Tester?

  1. #1
    W
    Guest

    Best Web-Based Vulnerability Tester?

    What web-based services offer the best vulnerability testing service, that
    will test a public web server on an ongoing basis? I'm aware of "Beyond
    Security" but they seem like a very small company. There are of course
    many software based tools, but I would rather have this done from outside
    our network as a service.

    --
    W



  2. #2
    Regis
    Guest

    Re: Best Web-Based Vulnerability Tester?

    "W" <persistentone@spamarrest.com> writes:

    > What web-based services offer the best vulnerability testing service, that
    > will test a public web server on an ongoing basis? I'm aware of "Beyond
    > Security" but they seem like a very small company. There are of course
    > many software based tools, but I would rather have this done from outside
    > our network as a service.


    "Best" is kinda specious as the network vulnerability scan space is
    fairly commoditized these days. First question though: what are you
    scanning? Are you interested in scanning your network for external
    facing vulnerabilities, or are you looking for a deep dive into
    scanning specific web applications for all their warts on an ongoing
    basis? I ask because these are two different animals from a tools
    perspective (there are web app scanners and there are network vuln
    scanners).

    Assuming it's network vulnerability scanning you're interested in,
    vendor-wise, if you want a cloud service and don't want to manage your
    own scan server, Qualys is considered the leader in this space.
    http://www.qualys.com/

    There are of course a ton of small security vendors out there that'll
    do such a thing for you periodically, some are pretty much "Yeah,
    we'll do a periodic Nessus scan for ya and toss it over the wall for
    you." These should be very inexpensive because Tenable Nessus is all
    of $1200ish a year for them (or you) to license. Which might make you
    reconsider hosting the scans yourself and just getting a slice host
    out there somewhere that you slap linux on and a nessus license and
    learn how to set up a scan like you want.

    If you want a more known player thats not a direct vendor and would be
    a decent ally to have if the poo hits the fan and you need something
    else from em (such as incident response), consider TrustWave, though
    they lean in a PCI direction as an organization. If you don't have
    any credit card or PCI concerns at all, there are probably cheaper
    solutions:
    https://www.trustwave.com/vulnerabilityScanning.php








Similar Threads

  1. Setting up static IPs using a Comcast Business Gateway
    By cranialsurge in forum Wireless Networks & Routers
    Replies: 93
    Last Post: 01-27-13, 09:21 AM
  2. 26 Hosting Web www.ivys.es
    By tesddalws in forum ms.public.windows.networking.wireless
    Replies: 0
    Last Post: 11-04-09, 07:33 AM
  3. blocking people from attaching files to web based emails
    By Ashish Gupta in forum comp.security.firewalls
    Replies: 15
    Last Post: 10-18-09, 05:40 PM
  4. Digital Subscriber Line (xDSL) FAQ v20010108
    By jkristof@interaccess.com in forum comp.dcom.xdsl
    Replies: 0
    Last Post: 06-21-09, 12:51 PM
  5. Estiah - Web Based MMO
    By C.M. Weaver in forum Gaming
    Replies: 1
    Last Post: 10-16-08, 10:06 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •